In his keynote at ElixirConf this month, Nerves co-founder Justin Schneck announced the launch of NervesHub — an extensible web service that allows you to manage over-the-air (OTA) firmware updates of devices in the field. We’re proud to be official sponsors and core contributors to NervesHub, working with Justin and his fellow co-founder Frank Hunleth.
Nerves and NervesHub are our preferred technologies for building embedded Linux solutions. Curious about why? Then this blog post is for you!
What is Nerves?
Nerves is a framework for developing embedded software with Elixir on a minimal Linux system, and it is made up of three main components:
- Platform: A customized, minimal Buildroot-derived Linux that boots directly to the BEAM virtual machine.
- Framework: A ready-to-go library of Elixir modules to get you up and running quickly.
- Tooling: Powerful command-line tools to manage builds, update firmware, configure devices, and more.
But the Nerves team faced a challenge: Once you have a host of devices in production — out in the field — how do you manage firmware updates? This is a common challenge for companies building IoT solutions, and the inability to quickly and securely deliver firmware updates can lead to major security problems in an IoT infrastructure. Currently, most companies are creating their own way to manage firmware updates.
Keeping connected products up-to-date became a real obstacle for developers building with Elixir and Nerves. The Nerves team wanted to deliver on the promises of Elixir — scalability, fault-tolerance, and functional programming — for hardware. And they needed a way to securely manage firmware updates to realize their vision.
NervesHub is an extensible web service that allows you to manage over-the-air (OTA) firmware updates of devices in the field. Built with Phoenix, NervesHub delivers first-class support for hardware deployments directly from the command line.
The NervesHub team decided to implement client-side SSL for device authentication, which is the same strategy adopted by many IoT services like Amazon IoT and Azure IoT. Because of this, NervesHub can fit in with your current public key infrastructure for device-to-cloud communication.
Many developers are familiar with the public/private key encryption mechanism central to SSL, but this is traditionally implemented in order to allow a client (user) to verify that a server (website) is who it claims to be.
Client-side SSL is used as a replacement for systems such as username/password login to allow the server to verify the identity of the client. This method of authentication is more secure than typical authentication strategies, which store secrets on a server. With client-side SSL, the server only stores public keys, and the only way to impersonate a client is to gain possession of its private key. When machines (Nerves devices) are clients, private keys can be stored on the device via a one-time provisioning step, which provides a seamless experience for the firmware developers. In addition, it means that any potential attacker must individually compromise each actual device they want to impersonate.
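The model described above can be tried out with the openssl CLI. This is an added example, not NervesHub code: the CA names, device names and key type are constructed, and a signed nonce stands in for the proof of key possession that a real TLS handshake performs.

```shell
#!/bin/sh
# Added illustration (not NervesHub code): certificate-based device identity.
# CA subjects, device names and validity periods are constructed values.
set -eu
D=$(mktemp -d); trap 'rm -rf "$D"' EXIT

new_key() { openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null; }

new_ca() {     # usage: new_ca <basename> <common-name>
    new_key "$D/$1.key"
    openssl req -x509 -new -key "$D/$1.key" -subj "/CN=$2" -days 30 -out "$D/$1.pem"
}

# One-time provisioning: a key pair is made for the device and only the
# CSR (public key plus name) goes to the CA for signing.
provision() {  # usage: provision <device-name> <ca-basename>
    new_key "$D/$1.key"
    openssl req -new -key "$D/$1.key" -subj "/CN=$1" -out "$D/$1.csr"
    openssl x509 -req -in "$D/$1.csr" -CA "$D/$2.pem" -CAkey "$D/$2.key" \
        -CAcreateserial -days 30 -out "$D/$1.pem" 2>/dev/null
}

# Server side, holding public material only. Two checks, as in a TLS handshake
# with client certificates: the chain ends at the trusted CA, and the peer
# signs a fresh server nonce with the key matching the presented certificate.
authenticate() {  # usage: authenticate <presented-cert> <key-the-peer-holds>
    openssl verify -CAfile "$D/org_ca.pem" "$1" >/dev/null 2>&1 &&
    openssl rand -hex 32 > "$D/nonce" &&
    openssl dgst -sha256 -sign "$2" -out "$D/nonce.sig" "$D/nonce" &&
    openssl x509 -in "$1" -pubkey -noout > "$D/peer.pub" &&
    openssl dgst -sha256 -verify "$D/peer.pub" -signature "$D/nonce.sig" \
        "$D/nonce" >/dev/null 2>&1
}

new_ca org_ca "Example Org Device CA"   # trust anchor the server keeps
new_ca other_ca "Unrelated CA"          # not trusted by the server
provision device-0001 org_ca
provision device-0002 org_ca
provision device-0003 other_ca

try() { if authenticate "$1" "$2"; then echo "accept: $3"; else echo "reject: $3"; fi; }
try "$D/device-0001.pem" "$D/device-0001.key" "device-0001 with its own key"
try "$D/device-0001.pem" "$D/device-0002.key" "device-0001 certificate, another device's key"
try "$D/device-0003.pem" "$D/device-0003.key" "certificate from an untrusted CA"
```

The second case is the one the paragraph turns on: a certificate is public, so presenting it without the matching private key is rejected.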
To take firmware security one step further, NervesHub requires that all firmware being pushed is signed with a private signing key that belongs to the developer’s NervesHub organization. Both NervesHub and Nerves devices verify firmware signatures to protect against malicious or accidental upgrades to unauthorized firmware. Companies can even implement firmware-signing rooms where the private signing keys are not accessible on any network. Similar to NervesHub’s client-side SSL implementation, the public key information is the only information shared with the server.
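The signing flow above, sketched with the openssl CLI as an added example. It is not NervesHub's own tooling or signature format: the ECDSA P-256 key type, the detached `.sig` files, the file names and the firmware bytes are all assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration (not NervesHub code): detached-signature firmware check.
# Key type (ECDSA P-256), file names and firmware bytes are constructed.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT

gen_signing_key() {  # usage: gen_signing_key <basename>; writes .key and .pub
    openssl ecparam -name prime256v1 -genkey -noout -out "$W/$1.key" 2>/dev/null
    openssl ec -in "$W/$1.key" -pubout -out "$W/$1.pub" 2>/dev/null
}

sign_firmware() {    # usage: sign_firmware <image> <private-key>  (signing room only)
    openssl dgst -sha256 -sign "$2" -out "$1.sig" "$1"
}

# Server and device run the same check and hold only the public key.
verify_firmware() {  # usage: verify_firmware <image> <public-key>
    [ -f "$1.sig" ] || return 1          # unsigned images are refused outright
    openssl dgst -sha256 -verify "$2" -signature "$1.sig" "$1" >/dev/null 2>&1
}

report() {           # prints accept/reject for one image against the org key
    if verify_firmware "$1" "$W/org.pub"; then echo "accept $(basename "$1")"
    else echo "reject $(basename "$1")"; fi
}

gen_signing_key org      # the organization's signing key
gen_signing_key other    # a key the organization does not trust

printf 'constructed firmware v1.2.0\n' > "$W/good.fw"
sign_firmware "$W/good.fw" "$W/org.key"

cp "$W/good.fw" "$W/tampered.fw"; cp "$W/good.fw.sig" "$W/tampered.fw.sig"
printf 'extra bytes\n' >> "$W/tampered.fw"      # modified after signing

printf 'constructed firmware, wrong signer\n' > "$W/foreign.fw"
sign_firmware "$W/foreign.fw" "$W/other.key"

printf 'constructed firmware, never signed\n' > "$W/unsigned.fw"

for f in good tampered foreign unsigned; do report "$W/$f.fw"; done
```

Only `good.fw` is accepted; `org.key` is never needed by the verifying side, which is what makes an offline signing room workable.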
When Justin joined the Nerves team, he wanted the project to be extensible — and NervesHub is no exception. Every application will have its own backend and its own specific needs that can’t be handled by NervesHub. That’s why the team provides an API that allows you to leverage NervesHub for firmware management from within your current infrastructure. NervesHub is fully open-source and uses all Elixir technologies, including Phoenix.
“Because NervesHub is extensible, you can communicate with NervesHub to update your firmware and generate certificates and identities no matter what your backend is written in,” Justin says.
In addition, there are plans to allow users to leverage NervesHub’s client-side SSL system for device verification via the API. This will allow any backend to verify the identity of a device by simply querying NervesHub with the certificate provided by the device upon connection.
Frank, Justin, and the rest of the Nerves team have benefited greatly from open source software, which led them to make NervesHub an open source project. Not only can users sign up for an account on the hosted NervesHub application, but they can also clone or fork the open source repository and host NervesHub on their own infrastructure. This is a critical feature for users that need to keep their firmware delivery services on private servers.
The Future of Nerves
With the launch of NervesHub behind them, Frank and Justin have a laundry list of improvements they want to make. And they’re not getting too far ahead of themselves.
“I like to listen to the community and see what they’re excited about,” Frank says. “That will probably drive the next big thing for Nerves.”